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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S. C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

Responsive to communication(s) filed on 14 October 2004 . 
2a)M This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) 13 Claim(s) 19-38 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 19-38 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)Q accepted or b)Q objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 1 1 9 
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1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 

3.0 Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . The response of 1 0/1 4/2004 was received and considered. 

2. Claims 1 -1 8 are canceled per Applicant's response. 

3. Claims 19-38 are pending. 

Response to Arguments 

4. Applicant's arguments with respect to claims 1-18 have been considered but are moot in 
view of the new ground(s) of rejection. 

5. Regarding claims 19, 26 & 33, Tabuki discloses a system where a user enters a username 
and password that is sent to a verification server/database server. The database server contains a 
database with identification data of a host and authentication data of a host (col. 4, lines 32-34) 
and extracts the password for comparison based on the host identification send with the request. 
The verification server then validates the request based on the stored data. Tabuki fails to 
disclose a single user having multiple user IDs and passwords, just that the server contains a user 
ID and password for at least one user. However, Compelson teaches a program that uses a 
client-side database of passwords and user names to automatically enter the user names and 
passwords when an appropriate application is identified. The important teaching from 
Compelson illustrates that a single user will have more than one user name and password 
combinations corresponding to different applications. Therefore, it would have been obvious to 
one having ordinary skill in the art at the time the invention was made to modify Tabuki to 
include, for at least one entry corresponding to a user, multiple user identifiers and corresponding 
passwords. One of ordinary skill in the art would have been motivated to perform such a 
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modification to support multiple user identifiers and corresponding passwords, as taught by 
Compelson while maintaining the relief afforded to the client by not having to maintain a 
database and verification mechanism, as taught by Tabuki (col. 2, lines 35-40). 

6. Regarding claims 20, 27 & 34, newly cited art to Telleen teaches why LDAP is a popular 
protocol for remote communication for data retrieval. Prompt merely teaches that the use of 
referral objects in an LDAP environment (directory structure is a type of database) allows the 
addition of data without redesigning the directory structure (1(120). By definition, referral 
objects refer to a storage location. Tabuki, as modified above by Compelson, recognizes that 
users have many passwords and quick extensibility in the addition and modification of database 
data is always a benefit in information storage. 

Claim Rejections - 35 USC § 112 

7. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

8. Claims 23, 30 & 36 are rejected under 35 U.S.C. 1 12, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject matter which 
was not described in the specification in such a way as to reasonably convey to one skilled in the 
relevant art that the inventor(s), at the time the application was filed, had possession of the 
claimed invention. In light of the specification, it is unclear what comprises a "secure layer" and 
how a secure layer and how an application associated with the application login is identified by 
the secure layer. 
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9. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

10. Claims 23, 30 & 36 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. It is unclear how a layer, an abstract/logical structure, can 
identify the application. 

Claim Rejections - 35 USC § 103 

1 1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

12. Claims 19, 22-24, 26, 29-31, 33 & 35-37 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over U.S. Patent 5,706,427 to Tabuki in view of "Password Officer 2000, The 
complete password management solution" by Compelson Laboratories (Compelson). 

Regarding claims 19, 26 & 33, Tabuki discloses receiving in a database 
server/verification server, a user identifier (col. 4, lines 22-26) and user password (col. 4, lines 
14-17) from a client computing device/user host via an application login (col. 4, lines 14-17), 
identifying an application password/user password associated with the identified application and 
user identifier via a backend database/verification server (col. 4, lines 30-41), wherein the 
backend database/verification server stores entries for each of a plurality of registered users and 
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wherein the entries for the plurality of registered users include the user identifiers and application 
passwords for each application for which a user is registered (col. 4, lines 10-54). Tabuki lacks 
at least one entry of the entries for each of the plurality of registered users having a plurality of 
different user identifiers and corresponding passwords, the plurality of different user identifiers 
and corresponding passwords comprising one user identifier and password for each application 
of a plurality of applications for which a user associated with the entry is registered. However, 
Compelson teaches that most users have multiple user ID and password combinations to 
remember to accommodate different applications (p. 3, f 1). Compelson further teaches a system 
including a database of user names and passwords for different applications for a user, where a 
password is retrieved from the database depending on the identified application (p. 4, ^[1 & p. 5, 
1f3). Therefore, it would have been obvious to one having ordinary skill in the art at the time the 
invention was made to modify Tabuki to include at least one entry for a user where multiple user 
identifiers and passwords are stored, where the specific user identifier and password are 
identified by the application. One of ordinary skill in the art would have been motivated to 
perform such a modification because most users have multiple user identifiers and passwords 
associated with multiple applications, as taught by Compelson (p. 4, ^[1 & p. 5, f3). 

Regarding claims 22, 29 & 35, Tabuki discloses providing the application 
password/stored password and the user password to a security service/verification server wherein 
the security service performs authentication/comparison based on the application password and 
the user password (col. 4, lines 37-41). 

Regarding claims 23, 30 & 36, Tabuki, as modified above, discloses identifying the 
application/user prior to transmission of the identifier and user password (col. 7, lines 25-30 & 
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col. 8, lines 1-4) and encrypting the user identifier and password (col. 8, line 8). Further, Tabuki 
discloses the entities connected via the Internet and World Wide Web (col. 4, lines 50-54), which 
operates using the OSI, layered model. 

Regarding claims 24, 31 & 37, Tabuki discloses a password attribute associated with 
each user (col. 4, lines 16-17). 

13. Claims 21 & 28 are rejected under 35 U.S.C. 103(a) as being unpatentable over Tabuki in 
view of Compelson, as applied to claims 19 & 26 above, in further view of "Sill Evolving, 
LDAP Standard Opens Up Collaborative Computing" by Telleen. Tabuki, as modified above, 
lacks the database server being an LDAP server. However, Telleen teaches that LDAP allows 
communication between distributed directory services and is interoperable with different vendors 
(1J5). Therefore, it would have been obvious to one having ordinary skill in the art at the time the 
invention was made to use the LDAP standard. One of ordinary skill in the art would have been 
motivated to perform such a modification to gain the benefit of interoperability with different 
vendors, as taught by Telleen flf5). 

14. Claims 20, 25, 27, 32, 34 & 38 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Tabuki and Compelson, as applied to claims 19, 26 & 33 above, in further view of Telleen 
and U.S. Patent Application Publication 2001/0034733 to Prompt et al. (Prompt). Telleen 
teaches that LDAP allows communication between distributed directory services and is 
interoperable with different vendors fl|5). Therefore, it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to use the LDAP standard. One of 
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ordinary skill in the art would have been motivated to perform such a modification to gain the 
benefit of interoperability with different vendors, as taught by Telleen fl[5). As modified, Tabuki 
lacks using a referral object that references a storage location in the backend database. However, 
Prompt teaches that one can achieve unlimited LDAP extensibility by using referral objects, 
which allow the referencing of even more referral objects (HI 20). The LDAP referral allows the 
addition of new elements to the LDAP database without the necessity for directory redesign 
(If 120). Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made use a referral object that references a storage location in the backend 
database (all referral objects reference a storage location). One of ordinary skill in the art would 
have been motivated to perform such a modification to gain unlimited extensibility, as taught by 
Prompt (1120). 

Conclusion 

15. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

a. The '941 patent reference is cited for teaching a database containing entries for 
users, where each user is associated with a plurality of user identifier/password 
combinations, where each of the combinations is used to gain access to a particular 
application. 

b. The 6 995, 6 511,'816& c 512 patent references are cited for teaching a database 
containing authentication data of users for various applications. 
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c. The "Authenticating with LDAP using Openldap and PAM" reference is cited for 
teaching using LDAP to create a central repository of passwords using Linux. 

16. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action, is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 . 1 36(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

1 7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael J. Simitoski whose telephone number is (571) 272-3841. 
The examiner can normally be reached on Monday - Thursday, 6:45 a.m. - 4:15 p.m.. The 
examiner can also be reached on alternate Fridays from 6:45 a.m. - 3:15 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached at (571) 272-3838. 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
Washington, DC 20231 
Or faxed to: 

(703)746-7239 (for formal communications intended for entry) 

Or: 
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(571)273-3841 (Examiner's fax, for informal or draft communications, please 
label "PROPOSED" or "DRAFT") 



Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (571) 272-2100. 

Information regarding the status of an application may be obtained from the Patent 

Application Information Retrieval (PAIR) system. Status information for published applications 

may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

applications is available through Private PAIR only. For more information about the PAIR 

system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




MJS 

February 16, 2005 



GREGORY MO^ 
SUPERVISORY RAT .. 
TECHNOLOGY- ^v,-.: 




